Payment processing system for use in a retail environment having segmented architecture

ABSTRACT

A payment processing system and method comprising a POS module providing an interface to effect sales of FGS in a retail environment, a device module operatively connected to at least one retail device configured to supply FGS and comprising a card reader adapted to receive a first payment card data for payment for the FGS, wherein the device module is adapted to control operation of the at least one retail device, and a payment system module operatively connected to the POS module and the device module, the payment system module adapted to validate payment for the FGS. The payment system module and the device module are separated from the POS module in order to segment a portion of the payment processing system configured to handle payment card data from a portion of the system that does not handle payment card data.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent applicationSer. No. 12/689,983 (entitled “Payment Processing System for Use in aRetail Environment Having Segmented Architecture” and filed on Jan. 19,2010, in the name of Berrio, et al.), which claims the benefit of U.S.patent application Ser. No. 61/145,578 (entitled “Segmentation ofPayment Processing in a Retail Environment” and filed on Jan. 18, 2009).The entire disclosure of each of the foregoing applications is herebyincorporated by reference as if set forth verbatim in its entiretyherein and relied upon for all purposes.

FIELD OF THE INVENTION

The present invention relates generally to payment processing systemsand, more particularly, to payment processing systems used in a retailfueling environment.

BACKGROUND OF THE INVENTION

Payment cards, such as credit cards and debit cards, have become aconvenient and preferable method of payment at a number of retailenvironments, including grocery stores, fueling stations, and otherretailers. Accepting payment cards as a method of payment subjects theseestablishments to security standards and regulations promulgated by thePayment Card Industry (“PCI,” also referred to as the PCI SecurityStandards Council). These standards include the Payment Application-DataSecurity Standard (“PA-DSS,” also referred to as the PCI Data SecurityStandard) created in an attempt to prevent fraud and other securityissues that arise due to the acceptance of payment cards and thetransmission of sensitive information associated with the payment cards,such as account number, account holder information, and personalidentification numbers (“PIN”).

PA-DSS sets forth standards and requirements that must be met by bothsoftware and hardware components used to receive, store, transmit, orotherwise handle the sensitive information. Additionally, software andhardware components that are unrelated to the portions configured tohandle the sensitive information are subject to the PA-DSS if they arepart of the same physical device. The software and hardware componentsthat do not handle sensitive information may include portions that areprogrammed or created to perform functions unrelated to paymentprocessing. Nonetheless, the entire device must be compliant with PA-DSSbecause it, in part, handles sensitive information.

By way of an example, several components in a retail fuelingenvironment, i.e., a fueling station, are not designed to handle paymentcard information. For instance, the point-of-sale (“POS”) device mayinclude software components adapted to display a graphical userinterface (“GUI”) that provides the station's manager with the abilityto set options associated with the POS or the fueling station, such asthe appearance of the receipts issued by the station's dispensers. Ifthe GUI includes portions that are considered noncompliant pursuant toPA-DSS, then the entire POS will also be considered noncompliant. Thismakes it difficult to change any portion of the overall system, becauseall such changes must comply with PA-DSS even when unrelated to paymentprocessing. The changed device may then be subject to an arduouscertification process.

SUMMARY OF THE INVENTION

The present invention recognizes and addresses the foregoingconsiderations, and others, of prior art construction and methods.

In this regard, one aspect of the present invention provides a paymentprocessing system in a retail environment comprising a point-of-sale(POS) module providing an interface for use by an operator of the retailenvironment to effect sales of fuel, goods, or services (FGS) in theretail environment, a device module operatively connected to at leastone retail device configured to supply FGS, the at least one retaildevice comprising a card reader adapted to receive a first payment carddata of a first payment card for payment for the FGS, wherein the devicemodule is adapted to control operation of the at least one retaildevice, and a payment system module operatively connected to the POSmodule and the device module, the payment system module adapted tovalidate payment for the FGS. The payment system module and the devicemodule are separated from the POS module in order to segment the paymentsystem module and the device module that handle the first payment carddata from the POS module that does not handle the first payment carddata.

Another aspect of the present invention provides a payment processingsystem in a retail environment comprising a point-of-sale device (POS)configured to provide an interface, wherein the interface is configuredto facilitate sales of fuel, goods, or services (FGS) in the retailenvironment, a payment transaction device operatively connected to thePOS and configured to effect payment transactions for the FGS, and afirst payment device operatively connected to the payment transactiondevice and configured to receive a first payment card data from a firstpayment card. A first portion of the retail environment comprising thePOS is segmented from a second portion of the retail environmentcomprising the payment transaction device and the first payment devicein order to segment the second portion that is configured to handlesensitive payment information from the first portion that is notconfigured to handle sensitive payment information.

Yet another aspect of the present invention provides a method foreffecting transactions involving payment card data in a retailenvironment for fuel, goods, or services (FGS) offered by the retailenvironment, the method comprising the steps of providing a sales deviceconfigured to conduct transactions for the sale of the FGS offered bythe retail environment, providing a transaction device operativelyconnected to the sales device and configured to effect paymenttransactions using the payment card data for the sale of the FGS offeredby the retail environment, providing a payment card device operativelyconnected to the transaction device, wherein the payment card device isconfigured to receive the payment card data, and segmenting the salesdevice that is not configured to handle the payment card data from thetransaction device and the payment card device that are configured tohandle the payment card data.

BRIEF DESCRIPTION OF THE DRAWINGS

A full and enabling disclosure of the present invention, including thebest mode thereof directed to one of ordinary skill in the art, is setforth in the specification, which makes reference to the appendeddrawings, in which:

FIG. 1 is a schematic representation of an exemplary payment processingsystem in a retail fueling environment of the prior art; and

FIGS. 2 and 3 are schematic representations of payment processingsystems in a retail fueling environment in accordance with embodimentsof the present invention.

Repeat use of reference characters in the present specification anddrawings is intended to represent same or analogous features or elementsof the invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Reference will now be made in detail to presently preferred embodimentsof the invention, one or more examples of which are illustrated in theaccompanying drawings. Each example is provided by way of explanation ofthe invention, not limitation of the invention. In fact, it will beapparent to those skilled in the art that modifications and variationscan be made in the present invention without departing from the scope orspirit thereof. For instance, features illustrated or described as partof one embodiment may be used on another embodiment to yield a stillfurther embodiment. Thus, it is intended that the present inventioncovers such modifications and variations as come within the scope of theappended claims and their equivalents.

FIG. 1 illustrates an exemplary retail fueling environment 100 inaccordance with the prior art. Retail fueling environment 100 comprisesone or more fuel dispensers 102, a dispenser hub 104, and aserver/workstation 106 (hereinafter “server 106”). Each dispenser 102comprises a customer interface that includes a card reader 105 forreading payment cards, such as credit, debit, or smart cards. As shouldbe understood by those of ordinary skill in the art, the customerinterface may include additional components, such as displays 108 andpinpads 110. Dispensers 102 are operatively connected to dispenser hub104, which may be accomplished via additional devices, such asdistribution box or “d-box” 112, as is understood in the art. Dispenserhub 104 is operatively connected to server 106, which may also beaccomplished via one or more intermediate devices, such as router 114.Server 106 is operatively connected to a card reader 116 and includes aprocessor 118 and computer readable medium 120. It should be understoodthat server 106 is operatively connected to a wide area network (“WAN”),such as the Internet, either directly or via one or more other devices,such as router 114.

In the present example, card reader 116 is a small separate device thatincludes a pinpad and is configured to receive the information from apayment card swiped or inserted into the reader and to accept a personalidentification number (“PIN”) entered into the pinpad by a user incertain circumstances.

In the present example, processor 118 executes several software moduleslocated on server 106 including manager workstation module 122, cashierworkstation module 124, forecourt module 126, and network payment module128. The program instructions for software modules 122, 124, 126, and128 are located on computer readable medium 120.

When executed, manager workstation module 122 displays a GUI that allowsthe owner, operator, or manager of the fueling station to set optionsfor the fueling environment. Manager workstation module 122 is alsoadapted to provide point-of-sale (“POS”) capabilities, including theability to conduct transactions for items offered for sale by thefueling station, such as the fuel provided by dispensers 102. Similarly,cashier workstation module 124 provides the station's cashier, clerk, oremployee the means necessary to effect a transaction for one or moreitems or services offered by the fueling station. In another embodiment,manager workstation module 122 and cashier workstation module 124 arethe same module. Cashier workstation module 124 is operatively connectedto, and controls the operation of, card reader 116.

Forecourt module 126 is adapted to control the operation of deviceslocated in the “forecourt” of retail fueling environment 100 andincludes program logic, subroutines, and/or other modules that performspecific functions in this regard. In this example, forecourt module 126comprises several modules, including fuel/pump control, card reader,GSM, car wash, and tank monitor modules as illustrated in FIG. 1. Thefuel/pump control module handles operation of dispensers 102, while thecar wash module handles operation of any on-site car washes. The tankmonitor module handles operation of any tank monitors connected to theunderground storage tanks of the retail fueling environment. The cardreader module handles operation of the card readers of retail fuelingenvironment 100, such as card readers 105 of dispensers 102. The GSMmodule is a security module that handles encryption of the sensitiveinformation transmitted by the components of retail fueling environment100. For instance, any payment card data received by card readers 105 ishandled by the card reader module and encrypted by the GSM module. Oneexample of the GSM module is explained in more detail in U.S. PublishedPatent Application No. 2009/0154696 (entitled “System and Method forSecure Keypad Protocol Emulation in a Fuel Dispenser Environment”), theentire disclosure of which is hereby incorporated by reference for allpurposes as if set forth verbatim herein.

Network payment module 128 is operatively connected to cashierworkstation module 124 and forecourt module 126, as well as any othermodules or software applications within the fueling environment thatrequire validation of payment card information. For instance, networkpayment module 128 performs validation of the payment card informationreceived by card readers 105 (via forecourt module 126), as well as cardreader 116 (via cashier workstation module 124), as described in moredetail below.

In operation, a user positions a vehicle adjacent to one of dispensers102 and uses the dispenser to refuel the vehicle. For payment, the userinserts and removes a payment card from card reader 105. Card reader 105reads the information on the payment card and transmits the informationto forecourt module 126 via d-box 112, dispenser hub 104, and router114. It should be understood that data containing sensitive informationmay be encrypted prior to being transmitted, thereby rendering thecommunication paths involved secure. The forecourt module 126 providesthe payment information to network payment module 128, which contacts ahost computer or system operated by the financial institution associatedwith the user's payment card via the WAN. The financial institutioneither validates or denies the transaction and transmits such a responseto network payment module 128. The information received from thefinancial institution's host computer system is transmitted from networkpayment module 128 back to forecourt module 126 to handle appropriately.This may include transmitting to dispenser 102 a request that the userprovide another payment card if the transaction is denied or printing areceipt if authorized.

Alternatively, the user may enter a convenience store portion of theretail fueling environment to pay for the dispensed fuel. In thisinstance, the user inserts and removes a payment card from card reader116, which transmits the payment card data received from the paymentcard to cashier workstation module 124. Cashier workstation module 124provides the payment information to network payment module 128, whichcontacts the financial institution's system associated with the paymentcard. The information received from the financial institution istransmitted from network payment module 128 back to cashier workstationmodule 124 to handle appropriately. This may include instructing aprinter connected to server 106 to provide a receipt to the user for thetransaction.

Additionally, a user may enter the convenience store portion of theretail fueling environment to purchase one or more of the items offeredby the store. The cashier or clerk uses cashier workstation module 124running on server 106 to tally the total amount of the items the userseeks to purchase. Cashier workstation module 124 communicates with cardreader 116, which requests that the user insert his payment card. Theuser inserts and removes the payment card using card reader 116 and mayalso enter his PIN using the card reader 116. Card reader 116 transmitsthe payment card information from the payment card and provides it tothe cashier workstation 124, which in turn provides the information tonetwork payment module 128. Network payment module 128 then attempts toprocess the payment of the transaction in a manner similar to thatdescribed above.

In this embodiment, components not designed to handle payment cardinformation, such as manager workstation module 122 and cashierworkstation module 124, are included in server 106 along with componentsdesigned specifically to handle payment card information, such asnetwork payment module 128. If either module 122 or 124 does not complywith PA-DSS, then the entire server 106 is considered not to be incompliance, including network payment module 128, even if the networkpayment module would be in compliance standing alone.

For additional information regarding retail fueling environments,reference is made to U.S. Pat. Nos. 6,453,204 (entitled “Fuel DispensingSystem”), 5,956,259 (entitled “Intelligent Fueling”), 5,734,851(entitled “Multimedia Video/Graphics in Fuel Dispensers”), 6,052,629(entitled “Internet Capable Browser Dispenser Architecture”), 5,689,071(entitled “Wide Range, High Accuracy Flow Meter”), and 6,935,191(“entitled “Fuel Dispenser Fuel Flow Meter Device, System and Method”),all of which are hereby incorporated by reference for all purposes as ifset forth verbatim herein.

FIG. 2 illustrates a retail fueling environment 200 in accordance withan embodiment of the present invention. Retail fueling environment 200is similar to retail fueling environment 100 of FIG. 1 in many respects,but illustrates a separation and relocation of components of theenvironment designed to handle payment card information from thosecomponents that are not. In this exemplary embodiment, forecourt module126 and network payment module 128 are relocated to the dispenser hub,which thus becomes an “enhanced” dispenser hub 302 as explained in moredetail below. Moreover, as will be explained, card reader 116 is alsofunctionally relocated.

FIG. 3 illustrates a retail fueling environment 300 in accordance withan embodiment of the present invention. As can be seen, dispenser hub104 of FIG. 1 has been replaced with an enhanced dispenser hub 302.Additionally, a PCI router 304 operatively connects enhanced dispenserhub 302 to router 114 and to the WAN as explained below. Retail fuelingenvironment 300 includes an additional POS 306 in comparison withfueling environments 100 and 200 (FIGS. 1 & 2, respectively). It shouldbe understood that the illustrated components are exemplary in nature,and other devices, such as additional computers, servers, and otherhardware or software, may be added to the environment as needed ordesired. For example, POS 306 may perform additional marketing functionsor other functions desired or required to manage the fueling station.

In the presently-described embodiment, enhanced dispenser hub 302comprises a processing device 308 and computer readable medium 310. Itshould be understood that computer readable medium 310 may be anyappropriate electronic storage device, such as random access memory(“RAM”), flash memory, EPROMs, hard drives, solid-state storage,CD-ROMs, CDs, DVDs, etc., as long as it is capable of being accessed byprocessing device 308. Likewise, processing device 308 may be anyappropriate processing device capable of accessing computer readablemedium 310 and executing the instructions, modules, or software storedthereon including a processor, microprocessor, controller, ormicrocontroller.

Forecourt module 126 and network payment module 128 are stored oncomputer readable medium 310 and adapted to be executed by processingdevice 308. Manager workstation module 122 and cashier workstationmodule 124 remain located on the computer readable medium 120 of server106. Card reader 116 is operatively connected to enhanced dispenser hub302, as is additional card reader 312. Additional software modules maybe stored on computer readable medium 310 and executed by processingdevice 308 as needed. As should be understood, modules may be standaloneprograms, applications, services, dynamic linked libraries, or acombination or portion thereof. In some embodiments, modules may behardware or firmware, such as a relay board or microprocessor programmedto perform a specific function.

In this embodiment, PCI router 304 is operatively connected to the WANand handles communications between devices within retail fuelingenvironment 300 and devices external to the environment via the WAN. Inthis embodiment, for instance, PCI router 304 is PA-DSS compliant andconfigured to communicate securely with the financial institution, aswell as enhanced dispenser hub 302, in order to effect transactionsinvolving payment cards. PCI router 304 is also operatively connected torouter 114 in order to handle communications between server 106 and POS306 and other devices both internal and external to retail fuelingenvironment 300.

In operation, a user refuels a vehicle using one of dispensers 102 anduses card reader 105 to provide payment information in a manner similarto that described above with respect to FIG. 1. Card reader 105transmits the payment card information to forecourt module 126, locatedon enhanced dispenser hub 302. Forecourt module 126 transmits thepayment card information necessary to effect a transaction to networkpayment module 128, which attempts to validate the transaction with thehost system of the financial institution associated with the paymentcard. In this example, payment card information (subject to therequirements of PA-DSS) is handled only by dispensers 102, d-box 112,and enhanced dispenser hub 302. Accordingly, only these devices need tomeet and comply with the requirements of PA-DSS.

In the embodiment of FIG. 1, a portion of cashier workstation module 124manages the operation of card reader 116. In the embodiment of FIG. 3,that portion of cashier workstation module 124 has been extracted andrelocated onto computer readable medium 310. Thus, the portion ofcashier workstation module 124 managing card reader 116, which handlespayment card information, is also located on enhanced dispenser hub 302and executed by processing device 308. This modular portion may alsomanage the operation of one or more additional card readers 312. Itshould be understood that while card reader 116 may be associated withand physically adjacent to either server 106 or POS 306, it isoperatively connected to enhanced dispenser hub 302. Accordingly, anydata output by card readers 116 and 312 is transmitted to enhanceddispenser hub 302.

Rather than using card reader 105, the user may enter the conveniencestore to pay for the dispensed fuel. In this example, fuel dispenser 102transmits data representative of the fueling transaction, such as thetotal amount due from the user for the dispensed fuel. Enhanceddispenser hub 302 retains any sensitive information in the data butotherwise transmits the non-sensitive data to server 106. At this point,the user may select other fuel, goods, or services offered by the storefor purchase. The cashier uses server 106 or POS 306 to performfunctions necessary to prepare the transaction to sell the items. Forinstance, the cashier may use the GUI provided by cashier workstationmodule 124 running on server 106 to tally the total amount of the itemsthe user seeks to purchase, including any dispensed fuel and tax.

Once the necessary steps have been taken to prepare the transaction asshould be known in the art, the transaction information necessary forpayment processing, such as total price, is transmitted by cashierworkstation module 124 via router 114 and PCI router 304 to enhanceddispenser hub 302. Card reader 116 receives instructions from the moduleexecuting on enhanced dispenser hub 302 and requests the user to insertthe user's payment card and to provide the corresponding PIN (ifnecessary). Card reader 116 transmits the payment card information tonetwork payment module 128 which processes the payment in a mannersimilar to that described above. Payment module 128 and/or card reader116 transmits the response from the financial institution of the paymentprocessing to cashier workstation module 124 in order for the module toperform additional functions unrelated to the handling of payment cardinformation, such as removing the items purchased by the user from thestore's running inventory or printing a receipt confirming thetransaction. Accordingly, server 106 and POS 306 are not configured tohandle sensitive information, such as payment card data.

Cashier workstation module 124, as well as server 106 and additional POS306, may perform a number of additional functions, all of which areunrelated to handling payment card information. Because these softwareand hardware components do not handle payment card information, they arenot subject to PA-DSS. Accordingly, these components have beeneffectively segmented from the software and hardware components that aresubject to compliance with PA-DSS. It should be apparent from the abovedescription that only those devices handling or transmitting paymentcard information, including dispensers 102, d-box 112, enhanced hub 302,and card readers 116 and 312, need to be certified as compliant withPA-DSS. As a result, all modules of the system that are subject toPA-DSS regulations are segmented from the modules of the system that donot require PA-DSS compliance. The computers that comprise only modulesthat do not require PA-DSS compliance, such as server 106 and POS, alsodo not require PA-DSS compliance. The segmented architecture avoids thelabor and expense required to certify compliance of the devices that donot include modules that handle sensitive information. Additionally, afewer number of devices and a smaller footprint of the system aresubject to PA-DSS compliance. Thus, a smaller portion of the systemarchitecture will need to be changed or upgraded should the applicablesecurity regulations change.

In another embodiment configured to maintain the segmentation of thedevices within retail fueling environment 300 configured to handlepayment card data from those that are not, enhanced dispenser hub 302may be configured to create secure reports regarding the financialtransactions performed by the enhanced dispenser hub. The secure reportsare encrypted and password protected in order to prevent the reportsfrom unauthorized access. Because the reports are secure, users mayaccess the secure reports for which they have proper authorization fromdevices that do not require PA-DSS compliance. For instance, a managermay select, retrieve, and open a secure report using POS 306 withoutsubjecting the POS to PA-DSS compliance. A more detailed explanationregarding the secure reports is set forth in U.S. patent applicationSer. No. 12/544,995 (entitled “Secure Reports for Electronic PaymentSystems”), the entire disclosure of which is hereby incorporated byreference for all purposes as if set forth verbatim herein.

While one or more preferred embodiments of the invention have beendescribed above, it should be understood that any and all equivalentrealizations of the present invention are included within the scope andspirit thereof. The embodiments depicted are presented by way of exampleonly and are not intended as limitations upon the present invention.Thus, it should be understood by those of ordinary skill in this artthat the present invention is not limited to these embodiments sincemodifications can be made. For example, aspects of one embodiment may becombined with aspects of other embodiments to yield still furtherembodiments. Therefore, it is contemplated that any and all suchembodiments are included in the present invention as may fall within thescope and spirit thereof.

What is claimed is:
 1. A retail fueling environment comprising: a firstportion of the retail fueling environment that is configured to handleonly non-sensitive transaction information, the first portioncomprising: a point-of-sale device (POS) configured to facilitate a saleof fuel, goods, or services for use by an operator of the fuelingenvironment to perform functions unrelated to handling of sensitivepayment information; a second portion of the retail fueling environmentthat is configured to handle sensitive payment information and thenon-sensitive transaction information, the second portion comprising: aplurality of fuel dispensers, each having a customer interface includinga card reader and a PIN pad to receive sensitive payment information,the customer interface being configured to transmit the sensitivepayment information; a secure hub device operatively connected to theplurality of fuel dispensers and the POS, the secure hub device beingoperative to: receive the sensitive payment information from thecustomer interfaces of the fuel dispensers; receive the non-sensitivetransaction information from the fuel dispensers; separately route thesensitive payment information and non-sensitive transaction informationsuch that the secure hub device: transmits the sensitive paymentinformation to a financial institution system operatively connected tothe secure hub device via an external network and does not transmit thesensitive payment information to the POS; and transmits thenon-sensitive transaction information including information indicativeof the fuel dispensed and non-sensitive customer identificationinformation to the POS; and allow dispensing of fuel at the fueldispensers or sale of goods or services upon receipt of authorizationfrom the financial institution system; wherein the first portion of theretail fueling environment is segmented from the second portion so thatthe second portion handles the sensitive payment information and thenon-sensitive transaction information and the first portion handles onlythe non-sensitive transaction information.
 2. The retail fuelingenvironment of claim 1 comprising: a secure router operatively connectedto the secure hub device; and a store router operatively connected tothe POS and the secure router, wherein the first portion of the retailfueling environment comprises the store router and the second portion ofthe retail fueling environment comprises the secure router.
 3. Theretail fueling environment of claim 1, wherein the secure hub device isa separate physical device from the POS and the plurality of fueldispensers.
 4. The retail fueling environment of claim 1 comprising atleast one underground storage tank associated with at least one tankmonitor, wherein the secure hub device is configured to receive tankmonitor data from the at least one tank monitor.
 5. The retail fuelingenvironment of claim 1 comprising a car wash, wherein the secure hubdevice is configured to handle operation of the car wash.
 6. The retailfueling environment of claim 1, wherein the secure hub device isconfigured to handle operation of the plurality of fuel dispensers. 7.The retail fueling environment of claim 1 comprising a payment deviceassociated with and located adjacent to at least a portion of the POSand operatively connected to the secure hub device, the payment devicebeing configured to receive and transmit the sensitive paymentinformation to the secure hub device, wherein the second portion of theretail fueling environment comprises the payment device.
 8. A secure hubdevice for a retail fueling environment, whereby the retail fuelingenvironment comprises a first portion that is configured to handle onlynon-sensitive transaction information and a second portion that isconfigured to handle sensitive payment information and the non-sensitivetransaction information, wherein the second portion of the retailfueling environment comprises a plurality of fuel dispensers, eachhaving a customer interface including a card reader and a PIN pad toreceive sensitive payment information, the customer interface beingconfigured to transmit the sensitive payment information, wherein thefirst portion of the retail fueling environment comprises apoint-of-sale device (POS), wherein the POS is configured to facilitatea sale of fuel, goods, or services for use by an operator of the fuelingenvironment to perform functions unrelated to handling of the sensitivepayment information, and wherein the secure hub device being operativewhen connected for communication with the plurality of fuel dispensersand the POS to: receive the sensitive payment information from thecustomer interfaces of the fuel dispensers; receive the non-sensitivetransaction information from the fuel dispensers; separately route thesensitive payment information and non-sensitive transaction informationsuch that the secure hub device: transmits the sensitive paymentinformation to a financial institution system operatively connected tothe secure hub device via an external network and does not transmit thesensitive payment information to the POS; and transmits thenon-sensitive transaction information to the POS; and allow dispensingof fuel at the fuel dispensers or sale of goods or services upon receiptof authorization from the financial institution system; wherein thefirst portion of the retail fueling environment is segmented from thesecond portion so that the second portion handles the sensitive paymentinformation and the non-sensitive transaction information and the firstportion handles only the non-sensitive transaction information.
 9. Thesecure hub device of claim 8 being operative to create a reportcomprising at least a portion of the transaction information.
 10. Thesecure hub device of claim 9, wherein the report is a secure reportcomprising at least a portion of the sensitive payment information. 11.The secure hub device of claim 8 being operative to receive tank monitordata from a tank monitor of the retail fueling environment.
 12. Thesecure hub device of claim 8 being operative to handle operation of acar wash of the retail fueling environment.
 13. A secure hub devicecomprising: a processing device; memory operatively connected to theprocessing device comprising: a payment data software module configuredto process sensitive payment data and non-sensitive transactioninformation for a transaction, wherein the sensitive payment data isreceived from at least one payment device of a retail fuelingenvironment at which the sensitive payment data is provided by acustomer, and wherein the non-sensitive transaction information isreceived from the at least one payment device of the retail fuelingenvironment; a point-of-sale software module configured to communicatewith a point-of-sale device (POS) of the retail fueling environmentincluding providing non-sensitive data for the transaction to the POS;and a transaction software module configured to transmit the sensitivepayment data to a host configured to effect payment for the transactionand does not transmit the sensitive payment information to the POS sothat the sensitive payment information and non-sensitive transactioninformation are separately routed; and wherein the secure payment hubdevice enables a first portion of the retail fueling environmentcomprising the POS to be segmented from a second portion of the retailfueling environment comprising the at least one payment device so thatthe first portion handles only the non-sensitive data for thetransaction.
 14. The secure hub device of claim 13, wherein the at leastone payment device comprises a payment card reader of a fuel dispenserof the retail fueling environment.
 15. The secure hub device of claim14, wherein the at least one payment device comprises a PIN pad of thefuel dispenser.
 16. The secure hub device of claim 13, wherein the atleast one payment device is a payment card reader associated with andlocated adjacent to at least a portion of the POS.
 17. The secure hubdevice of claim 16, wherein the at least one payment device comprises apayment card reader of a fuel dispenser of the retail fuelingenvironment.
 18. The secure hub device of claim 13 comprising a housingthat is physically different from the POS and the at least one paymentdevice.
 19. The secure hub device of claim 13, wherein the memorycomprises a forecourt software module configured to control operation ofat least one device located in a forecourt of the retail fuelingenvironment.
 20. The secure hub device of claim 19, wherein theforecourt software module comprises a fuel pump module, wherein the atleast one device located in the forecourt comprises at least one fuelpump and the fuel pump software module is configured to control the atleast one fuel pump.
 21. The secure hub device of claim 13, wherein thememory comprises a tank monitor software module configured to receivedata from a tank monitor connected to an underground storage tank of theretail fueling environment.
 22. The secure hub device of claim 13,wherein the memory comprises a car wash software module configured tohandle operation of a car wash of the retail fueling environment.
 23. Amethod for effecting a transaction for a retail fueling environment thatincludes a first portion comprising a point-of-sale device (POS) and asecond portion comprising at least one payment device and at least onefuel dispenser, wherein the first portion of the retail fuelingenvironment is configured to handle only non-sensitive data, and whereinthe second portion of the retail fueling environment is configured tohandle sensitive payment data and the non-sensitive data, the methodcomprising: providing, in the second portion, a secure hub deviceoperatively connected to the POS, the at least one payment device, andthe at least one fuel dispenser, wherein the secure hub device isconfigured to communicate the non-sensitive data associated with thetransaction to the POS and to receive the sensitive payment dataassociated with the transaction from the payment device; receiving thesensitive payment data from the payment device; receiving thenon-sensitive data from the payment device; separately routing thesensitive payment data and non-sensitive data such that the secure hubdevice: transmits at least a portion of the sensitive payment data fromthe payment device to a host system to effect payment for thetransaction and does not transmit the sensitive payment data to the POS;and transmits the non-sensitive data including information indicative offuel dispensed and non-sensitive customer identification information tothe POS; and receiving confirmation data associated with the transactionfrom the host system; wherein the first portion of the retail fuelingenvironment is segmented from the second portion so that the secondportion handles the sensitive payment data and the non-sensitive dataand the first portion handles only the non-sensitive data.
 24. Themethod of claim 23, wherein the at least one fuel dispenser comprisesthe at least one payment device.
 25. The method of claim 23, wherein theat least one payment device comprises a first payment card readerassociated with and located adjacent to at least a portion of the POSand a second payment card reader included in the at least one fueldispenser.
 26. The method of claim 23, wherein the at least one paymentdevice is associated with and located adjacent to the POS.
 27. Themethod of claim 23, wherein the non-sensitive data transmitted to thePOS comprises a non-sensitive portion of the confirmation data receivedfrom the host system.